Dr Unarchiver Malware



Multiple apps developed by Trend Micro are no longer available in the Mac App Store after researchers showed they were collecting browser history and information about users' computers.

On Friday, Apple removed Adware Doctor, a top security app, from its store, on the exact same grounds.


The apps are Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver, all under the developer account Trend Micro, Incorporated. Until removal, all products were top-sellers, with thousands of positive reviews and average ratings between 4.6 and 4.9.

The first public report of a Trend Micro product in the App Store engaging in shady activities came in late 2017, when user PeterNopSled told Malwarebytes forum members 'that his Mac was taken over by Open Any Files: RAR Support,' and it did not let him open Word or Excel files.

He discovered that the app was promoting the Trend Micro Antivirus product in the store, with no apparent connection.

Thomas Reed, the developer of Malwarebytes for Mac, chimed in on the thread confirming the unethical behavior and the connection between the two apps.

'Dr. Antivirus does appear to be legitimately associated with Trend Micro, on initial investigation, and the Open Any Files app uses an affiliate code to link to the Dr. Antivirus page on the App Store. Dr. Antivirus appears to be junk - I threw 23 components of malware from this year at it, and it only detected 5 of them,' Reed posted.

On Saturday, security researcher Privacy_1st published a video showing that Dr. Cleaner and Dr. Antivirus collected browser history from Safari, Chrome, and Firefox, along with some system information.

iOS developer and 9to5Mac writer Guilherme Rambo found that Trend Micro's Dr. Unarchiver was also siphoning user data.

Info heading to Trend Micro servers

Privacy_1st looked into the three apps from Trend Micro and saw that they had hardcoded strings for exfiltrating user information.

They collected browser history and data from the device that could be used for identification. The researcher says that the serial number and the version of the operating system were among the exfiltrated details.

The final destination for the information was the trendmicro.com domain, the researcher told us, the same as the Open Any Files app.

Observing the behavior of the apps, the researcher noticed that they received at runtime a JSON file with different codes, which suggests that the apps retrieve commands from the mother ship for data exfiltration.

It is important to note that the three apps analyzed by Privacy_1st did not exhibit data exfiltration behavior every time they launched. Also, the researcher did not have a chance to look closer into this, but from his experience with analyzing APT malware, this looks like a valid theory.
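A static triage check of the kind the hardcoded-strings finding above suggests, as an added example (not the researcher's tooling and not code from the original article). It pulls printable strings from a binary and flags references to browser history stores, device-identifier keys and URL hosts; the marker paths are the standard macOS locations for Safari, Chrome and Firefox history, while the sample bytes and the host are constructed.

```python
import re

# Well-known macOS history stores, relative to the user's home directory.
HISTORY_MARKERS = {
    "Safari": b"Library/Safari/History.db",
    "Chrome": b"Google/Chrome/Default/History",
    "Firefox": b"places.sqlite",
}
# IOKit registry keys that expose device identifiers.
DEVICE_MARKERS = [b"IOPlatformSerialNumber", b"IOPlatformUUID"]

PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")  # same idea as strings(1)
URL_HOST = re.compile(rb"https?://([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def triage(binary: bytes) -> dict:
    """Report which browser stores, device identifiers and URL hosts a binary names."""
    strings = PRINTABLE.findall(binary)
    browsers = sorted(name for name, marker in HISTORY_MARKERS.items()
                      if any(marker in s for s in strings))
    device_ids = sorted(m.decode() for m in DEVICE_MARKERS
                        if any(m in s for s in strings))
    hosts = sorted({h.decode().lower() for s in strings for h in URL_HOST.findall(s)})
    return {
        "browsers": browsers,
        "device_ids": device_ids,
        "hosts": hosts,
        # An archive tool or battery monitor has no reason to name a history store.
        "needs_review": bool(browsers) and bool(hosts),
    }


# Constructed sample: printable strings separated by non-printable bytes, as in a
# Mach-O string table. The host is a placeholder, not a value from the article.
SAMPLE = b"\x00\x01".join([
    b"\xcf\xfa\xed\xfe",
    b"/Library/Safari/History.db",
    b"/Library/Application Support/Google/Chrome/Default/History",
    b"/Library/Application Support/Firefox/Profiles/%@/places.sqlite",
    b"IOPlatformSerialNumber",
    b"https://collector.example.invalid/upload",
    b"NSLocalizedDescription",
])
BENIGN = b"\x00".join([b"\xcf\xfa\xed\xfe", b"NSLocalizedDescription", b"unarchive"])

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(BENIGN))
```

A hit is only a prompt for closer inspection: a real browser or backup tool names these paths legitimately, so the result has to be weighed against what the app claims to do.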

Multiple apps exfiltrate data in the same way, all from Chinese devs

The method used by Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver to upload user data to an external server is not unique, Privacy_1st points out.


Adware Doctor and Komros Adware Cleaner (same developer behind them), Open Any Files and Adblock Master relied on the same technique to lift the information from users.

Another thing these apps have in common is a connection with Trend Micro and a Chinese developer.

The apps have been reported to Apple since mid-August and are currently removed from the Mac App Store.

Also removed is App Uninstall (spotted by security researcher Joshua Long), another product under Trend Micro's developer account.

Trend Micro's list of apps in the App Store at the time of publishing is reduced to two entries: Network Scanner (five ratings) and Dr. WiFi (not rated yet).

We reached out to Trend Micro for a statement on the matter but received no reply at the time of publishing.

Update [September 10, 19:13]: Trend Micro released less than an hour ago a statement denying that its apps were stealing user data. The company says that an initial investigation confirms that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected browser snapshots, but the behavior was disclosed in the EULAs of each product.

'This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service),' Trend Micro explains, adding that the data was uploaded to a server in the US on Amazon Web Services, not in China.

Trend Micro is yet to explain the connection with shady apps from other developers and why its products were removed from the App Store. A representative of the company told BleepingComputer that the company statement would be updated continuously.


After the security blunder that most of its Mac App Store apps were a part of over the last few days, Trend Micro published an apologetic public letter with findings from an internal investigation.

According to reports from Malwarebytes Labs, coupled with multiple others published two days ago by a long list of security researchers, Trend Micro's Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver macOS apps were proven to collect and send sensitive user data to remote Internet servers.

After the news reached Apple's ears, all three apps were removed from the Mac App Store, together with Dr. Cleaner Pro, Dr. Battery, and Duplicate Finder, a few other apps made by the same company.

The problem was that besides Dr. Antivirus and Dr. Cleaner, an anti-malware and a disk cleaning application, none of the other apps (e.g., an archive expander and a battery monitoring tool) could have any claim of needing to collect any data from the hard disk of the Mac they were installed on.

Moreover, an even bigger problem was that users were not asked at any moment if they agreed to have their private data, such as browsing history and lists of installed apps, collected.


Trend Micro blames shared libraries and codebase for accidental browsing history collection

In their public apology letter following this incident, Trend Micro says that users could have read the apps' EULA on its support site, where they could have found out exactly what type of data their apps collected and sent to remote Trend Micro servers.

The EULA web page for the Dr. Cleaner app clearly states that the Trend Micro apps were collecting the user's browser history, and a host of system information data such as physical memory, system uptime, and UUID.

There is no mention of their apps collecting and exfiltrating a complete list of all the apps installed and downloaded, or a list of all running processes, as found by Malwarebytes Labs in their research.

According to Trend Micro, the culprits behind this mishap are not their developers but the use of shared libraries within all their apps and the browser history feature being added to all of them.

Trend Micro finished their letter stating that they removed the browsing history collection features from all the apps ousted from Apple's Mac App Store, deleted all the logs they gathered on their US-based AWS servers, and made sure that their security-focused and non-security apps will use different codebases from now on.

Apple just announced prior to this incident, on August 31, that the App Store Guidelines were updated to ask all app developers to include a privacy policy with all their product releases and updates to aid in the review process starting with October 3.